Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits: de9e9f62 by Anton Gladky at 2023-03-31T21:36:03+02:00 Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5 - - - - - 6feb617f by Anton Gladky at 2023-03-31T21:37:10+02:00 Reserve DLA-3376-1 for svgpp - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -104104,7 +104104,6 @@ CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...) - svgpp 1.3.0+dfsg1-5 (bug #1014599) [bullseye] - svgpp <no-dsa> (Minor issue) - [buster] - svgpp <no-dsa> (Minor issue) NOTE: https://github.com/svgpp/svgpp/issues/101 NOTE: https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91 CVE-2021-44959 @@ -293893,7 +293892,7 @@ CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 ...) NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...) - - svgpp <unfixed> (unimportant; bug #919321) + - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321) NOTE: https://github.com/svgpp/svgpp/issues/70 NOTE: Issue only in src:svgpp which does not call the AGG-API in correct way. NOTE: No security impact, only used to build examples, see #921097 
@@ -293903,7 +293902,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...) {DLA-2872-1 DLA-1656-1} - agg 1:2.4-r127+dfsg1-1 (low; bug #919322) - - svgpp <unfixed> (unimportant; bug #919321) + - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321) NOTE: https://github.com/svgpp/svgpp/issues/70 NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/ NOTE: and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[31 Mar 2023] DLA-3376-1 svgpp - security update + {CVE-2019-6245 CVE-2019-6247 CVE-2021-44960} + [buster] - svgpp 1.2.3+dfsg1-6+deb10u1 [31 Mar 2023] DLA-3375-1 xrdp - security update {CVE-2022-23480 CVE-2022-23481 CVE-2022-23482} [buster] - xrdp 0.9.9-1+deb10u3 ===================================== data/dla-needed.txt ===================================== @@ -291,10 +291,6 @@ sssd NOTE: 20230131: Programming language: C. NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git -- -svgpp (gladk) - NOTE: 20230322: Programming language: C++. - NOTE: 20230322: VCS: https://salsa.debian.org/debian/svgpp.git --- systemd (Adrian Bunk) NOTE: 20230304: Programming language: C. NOTE: 20230304: VCS: https://salsa.debian.org/lts-team/packages/systemd.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e99681b66d193025dcb6c7bec6eefe7e84118c3...6feb617f5b61d124076a91a5fa1d2de356fcaf62 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e99681b66d193025dcb6c7bec6eefe7e84118c3...6feb617f5b61d124076a91a5fa1d2de356fcaf62 You're receiving this email because of your account on salsa.debian.org.
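Review bot: In the first data/CVE/list hunk (CVE-2021-44960), the `[buster] - svgpp <no-dsa> (Minor issue)` line is dropped, but neither commit message mentions CVE-2021-44960; the first one names only CVE-2019-6245 and CVE-2019-6247. Please mention the buster triage change in the commit message, or move the removal into the commit that reserves DLA-3376-1, since the DLA entry is what now carries the buster fix. The `[bullseye]` no-dsa line is left in place, which looks intended.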
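Review bot: In the CVE-2019-6247 hunk, the svgpp line moves from `<unfixed>` to `1.3.0+dfsg1-5`, but no NOTE records what fixed it in that upload; the existing NOTE lines only link to svgpp issue #70 and say the issue has no security impact. Consider adding a NOTE that points at the upstream commit or Debian patch included in 1.3.0+dfsg1-5, so the fixed version can be verified later.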
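Review bot: In the CVE-2019-6245 hunk, the trailing NOTE still reads "and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch", which sits oddly next to a definite fixed version of `1.3.0+dfsg1-5` for svgpp. The "Fixed in" NOTE refers to src:agg only, so nothing here states what fixed src:svgpp. Suggest adding an svgpp-specific NOTE, and rewording the "possibly" NOTE if it is now confirmed or no longer relevant.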
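Review bot: In the data/DLA/list hunk, DLA-3376-1 lists CVE-2019-6245 and CVE-2019-6247, yet both svgpp entries in data/CVE/list stay tagged `unimportant`, and CVE-2019-6247 carries "No security impact, only used to build examples". Please confirm that listing them in the advisory is intended. If the buster upload `1.2.3+dfsg1-6+deb10u1` ships fixes for them, a short NOTE on the CVE entries explaining why they are included despite the severity would make this easier to follow.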